Please Read the Terms and Conditions Carefully
By using the website, you automatically agree to the Privacy Policy and the Terms and Conditions. In accordance with all rights and permissions established by law, you confirm that the information has been provided voluntarily and that all information you have submitted is accurate and reliable.
Legal Grounds for Processing Personal Data
The processing of data is permitted when:
-
The data subject* has given consent for the processing of their personal data for one or more specific purposes;
-
The processing is necessary for the performance of a contractual obligation with the data subject, or to take steps at the request of the data subject prior to entering into a contract;
-
The processing is necessary for the controller to perform obligations imposed by Georgian legislation;
-
The data is publicly available under the law, or the data subject has made it publicly available;
-
The processing is necessary for reviewing the data subject’s request (for the provision of services);
-
The processing is necessary to protect the significant legitimate interests of the controller or a third party, except when there is an overriding interest in protecting the rights of the data subject (including minors);
-
The processing is prescribed by law.
Purpose of Processing Personal Data
The Company processes personal data for the following purposes:
-
Purchasing and delivering products;
-
Improving services;
-
Marketing purposes;
-
Fulfilling contractual obligations;
-
Responding to customer complaints;
-
Approving online installment payments with partner financial institutions;
-
Fulfilling other rights and obligations established under Georgian legislation.
What Types of Personal Data Do We Process?
Based on the above purposes, the Company may process the following types of information:
-
First and last name;
-
Date of birth;
-
Personal identification number;
-
Phone number;
-
Residential address;
-
Email address.
Providing this information is mandatory for placing an order. Failure to provide the required information will make it impossible to fulfill and deliver your order.
Please note that the above information may be transferred to our partner companies when necessary in order to ensure product delivery, warranty services, or other related services.
Additionally, the Company may have access to software- and system-generated information, such as: the type of browser and operating system used by the user, the time and duration of website visits, and the domain name. Data is also processed through cookies, which allow access to the user’s IP address. Such information is processed automatically for the purpose of improving the services.
Duration and Scope of Personal Data Processing
The Company processes personal data only for the period necessary to achieve the legitimate purpose for which the data is collected. Once the purpose has been achieved, the data will be deleted, destroyed, or stored in a depersonalized form, unless the processing is required by law and such storage is a necessary and proportionate measure in a democratic society for the protection of overriding interests.
Personal data may be disclosed by the Company only in cases where there is a threat to national security and defense, public safety, crime detection or investigation, significant financial or economic interests of the country, the rights and freedoms of the user or others, or where disclosure is requested by law enforcement or other authorized bodies.
Rights of the Data Subject (User)
The user has the right to request confirmation from the Company as to whether their personal data is being processed, to verify the legitimacy of the processing, and to receive the following information free of charge upon request:
-
The data being processed and the grounds and purpose of its processing;
-
The source of the data collection/acquisition;
-
The period (duration) of data storage or, if it is impossible to determine a specific period, the criteria used to define such a period;
-
The legal basis and purpose of data transfer, as well as adequate safeguards for data protection if the data is transferred to another country or an international organization;
-
The identity or categories of data recipients, including the basis and purpose of cross-border transfers, if the data is disclosed to third parties.
The user has the right to receive the above information no later than 10 business days after submitting the request. In exceptional cases, with proper justification, this period may be extended for no more than an additional 10 business days, of which the data subject will be notified immediately.
Unless otherwise provided by Georgian legislation, the data subject has the right to choose the form in which the above information will be provided. If not specifically requested, information will be provided in the same form as the initial request.
Users have the right to access their personal data held by the Company and receive copies free of charge, except in cases where:
a) a fee is prescribed by Georgian legislation;
b) the controller has established a reasonable fee due to the format requested or the frequency of requests, covering the resources required to provide the data in a format different from the one in which it is stored.
The Company must provide access or copies no later than 10 business days after the request, unless otherwise provided by law. This term may be extended by an additional 10 business days in exceptional, justified cases.
The user has the right to access or receive copies of the data in the format in which it is stored by the Company; alternatively, they may request a different format for a reasonable fee, provided this is technically feasible.
If the Company independently discovers that the stored data is incorrect, inaccurate, or incomplete, it must correct, update, or supplement the data within a reasonable time and notify the data subject within 10 business days, unless the change relates to the correction of a technical error. If objective circumstances prevent timely notification, the Company must provide the information at the earliest possible communication opportunity.
The data subject has the right to request correction, update, or supplementation of incorrect, inaccurate, or incomplete data. Within 10 business days of such a request, the data must be corrected, updated, supplemented, or the data subject must be informed of the grounds for refusal and the procedure for appeal.
The Company may refuse such a request if:
-
there exists any legal basis for data processing under the Law of Georgia on Personal Data Protection (Article 5, Article 6);
-
the data is processed to substantiate a legal claim or complaint;
-
processing is necessary for the exercise of freedom of expression or access to information;
-
the data is processed for archiving in the public interest, scientific or historical research, or statistical purposes, where stopping processing, or deleting/destroying the data would make it impossible or significantly impair the achievement of the processing goals.
The data subject has the right to be informed of termination, deletion, or destruction of data immediately upon such action, but no later than 10 business days afterward.
The Company must notify all data recipients and processors responsible for further processing of the termination, deletion, or destruction of data, unless notification is impossible due to their number or would require disproportionate effort.
Right to Data Blocking
The data subject may request data blocking if:
a) the accuracy or authenticity of the data is disputed;
b) the processing is unlawful, but the data subject opposes deletion and requests blocking instead;
c) the data is no longer needed for the purpose of processing, but the data subject needs it to file a complaint or legal claim;
d) the data subject requests termination, deletion, or destruction, and the request is under review;
e) retention is necessary for using the data as evidence.
The Company must block the data in such cases unless blocking would threaten:
a) the Company’s ability to fulfill legal obligations;
b) the performance of tasks designated as public interest under law, or the exercise of authority granted to the Company by Georgian legislation;
c) the legitimate interests of the Company or a third party, unless overridden by the data subject’s rights—especially for minors;
d) the vital interests of the data subject or third party, or national security and defense.
Direct Marketing
Regardless of how data is collected or whether it is publicly available, the Company will process data for direct marketing purposes only with the data subject’s consent. For direct marketing, processing of data other than the subject’s name, surname, address, phone number, and email requires written consent.
The data subject may withdraw their consent at any time without any justification. They may request termination of direct marketing in the same form in which the marketing is conducted. Consent may also be withdrawn by sending an email to: grundfos@ipso.ge
The Company will stop direct marketing within a reasonable time, but no later than 7 business days after receiving the request.
Data Security
The Company is obligated to take appropriate technical and organizational measures to ensure that data is processed in accordance with the law and protected from loss, unlawful processing, destruction, deletion, alteration, disclosure, or unauthorized use.
However, due to rapid technological development, the Company cannot guarantee complete protection against unlawful access, hacking, or fraud, despite all security measures taken.
Legal Framework
This document is prepared in accordance with the legislation of Georgia, specifically the Law of Georgia “On Personal Data Protection.”